Examining Different Approaches to BYOD

By dwessels posted Mar 15, 2013 01:16 AM

  

BYOD (“Bring Your Own Device”) has become a very popular industry term in the last couple of years.  The core concept of BYOD is pretty simple and straightforward: allow users to use their own personal devices for corporate use.  The most common devices end users are interested in using are mobile phones and tablets.

 

Enterprises have attempted to enable BYOD using several different types of technologies with varying degrees of success.  Let’s take a quick run through of the different technologies that have been available and that enterprises have tried to leverage.

 

MDM – Mobile Device Management

Mobile device management has been synonymous with the term BYOD in the past, but has been focused more around corporate devices than end users’ personal devices.

MDM’s primary use case is to provide policy and control for corporate-owned assets.  This can be for simple logging and auditing purposes, or for other purposes such as telecom expense management.  The whole premise behind MDM is that the MDM gateway has taken the device under management.  Once this happens, the enterprise (and MDM gateway) has full control over the device.  This works for corporate-owned devices, but doesn’t fit well for personal devices as the enterprise takes over management of those devices.

 

Onboarding

Onboarding is a way to provide unmanaged configuration to connecting mobile devices and tablets.  Onboarding is typically tied to a network workflow, something like a captive portal, and serves as an aid to give the device credentials or configuration so that it can connect to the network.  There are predominantly two types of onboarding solutions: simple solutions, which provide toolkits for enterprises to push very simple configuration, and complex, fully featured onboarding solutions that tie into Active Directory and provide full-blown certificate management solutions for mobile devices.  Onboarding is great for getting devices on the network by bootstrapping them with the configuration and credentials that they need to be able to function on the network.  Onboarding is usually a one-time event and is not a managed configuration, so if, for example, the network configuration changes, the mobile device would have to go through the onboarding process again.  Onboarding fits well with BYOD as it does not require device management and does not blur the device ownership boundaries.

 

VDI – Virtual Desktop Infrastructure

Most enterprises have some sort of a VDI deployment in their network.  VDI provides a remote desktop to a user’s device.  This has typically been for PCs or thin computing appliances, but with the explosion of mobile devices, enterprises have investigated leveraging their VDI deployments to support BYOD.  What is great about VDI is that it can give the end user a full-blown PC experience that they can manipulate on their mobile devices.  End users typically choose a mobile device or tablet based on the end user experience.  VDI forces the user to have a totally different user experience compared to their native mobile device.  This end user experience is typically very clumsy; for example, desktop interfaces were not designed for touch input.  On top of this, VDI is typically very expensive compared to other BYOD solutions, as all of the applications and desktops need to have server-based compute power somewhere in the network.

 

 

NAC – Network Access Control

With the explosion of the use of personal mobile devices and tablets, enterprises have investigated or deployed technologies that allow them to control the use of these devices in the enterprise network.  Network Access Control is one of the technologies that enterprises have deployed to control this use.  NAC gives an enterprise the ability to set network policy for different types of devices on their network.  These policies range from a complete blocking of unknown devices (i.e. personal BYOD devices) to quarantined or restricted network access.  Most NAC solutions can also provide a captive portal-based user experience that can allow a user to register their personal device for use on the corporate network.  The whole concept behind using NAC for BYOD is for the enterprise to make a decision whether or not they want the personally owned device on their network, and what resources that device should have access to.

 

MAM – Mobile Application Management

Most enterprises have a set of enterprise applications that they would like to provide to their end users’ personal devices.  MAM is a solution that is born from trying to solve this problem.  MAM solutions focus on the enterprise applications and data that need to be delivered to the end user’s personal mobile device.  More advanced MAM solutions can isolate enterprise applications and content and give the enterprise full policy and control over the applications and content.  With MAM, this can be done without giving the enterprise management control of the user’s whole device; the control is strictly for the business content on the mobile device.  For BYOD, MAM typically makes the enterprise happy as they have control over their content, and makes the end user happy as they can use their own personal device for business.

 

Those are several of the approaches that have been used by people to solve BYOD.  We would love for you to share how you plan to support BYOD in your environment.  Are there other technologies that you have seen used?  Are there other BYOD problems or challenges that you are faced with that you would like to share?

Comments

Apr 09, 2013 12:06 PM

Agreed Jason, the technologies tend to get difficult to classify.  Typically it will take more than one type of technology to solve the BYOD challenge successfully.  Due to that fact, sometimes it is hard to classify a product in a single category when it actually uses several technologies.

 

Good point on device level (OS) virtualization.  It is also a technology that has been looked at to provide separation of data on the mobile device.  It is usually a very heavyweight approach and is very resource intensive for mobile devices.  The weight of the virtualization has pushed companies to focus on user space separation instead of device level.

Apr 08, 2013 02:33 PM

Thanks for your comments Jason.

 

We encourage all community members to join Aruba CEO Dominic Orr and Co-Founder/CTO Keerti Melkote on Wednesday for a live broadcast event with some exciting news about how Aruba is reimagining MDM to definitively answer BYOD challenges. There will be some cool demos too.

 

Pre-register to watch the live streaming event here:  http://goo.gl/ADct2

 

 

Mar 17, 2013 03:12 PM

I think this article summarises the main options well in this space. I would probably say MDM is not really an option for "Bring Your Own", but as the article states, a way of an enterprise controlling an asset they have purchased and have full control over.  Products described as MDM that also support personal data or personas muddy the water (e.g. is BES10/balance/fusion MDM or not?).

 

Generally in an enterprise NAC vs Onboarding is seen as a telco problem and MDM vs MAM as a desktop problem. The two approaches and thus the BYOD strategy need to be joined up. They are often not.

 

The only other comment is that device virtualisation seems to be missing, i.e. segregating business/personal data through some OS level virtualisation (on the device). VDI is generally a data centre side data control strategy.